We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X


This Product is Going End-of-Life and End-Of-Support

End-Of-Sales: As of December 1st, 2018, all new sales for Barracuda NextGen Firewall X Series products have ceased. Only renewals of software and hardware subscriptions for a maximum of one year are available for a limited time up to an expiration date of 30th November 2020.

End-Of-Life and End-Of-Support on December 1st 2020: All Barracuda Firewall X-Series sales will cease; neither new sales nor any renewals will be available. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support and services until your contract expires, or until Dec 1st, 2020, whichever occurs first. Please see the End-Of-Life definition as described in the End of Support and End of Life Information.

How to Configure Authentication Through a Site-to-Site VPN Tunnel

  • Last updated on

If your authentication server is located at a remote location connected via a site-to-site VPN tunnel. By default the firewall uses source-based VPN routing. To be able to connect to the remote authentication server the VPN routes must be added to the main routing table. VPN routes are always added with a metric of 10.

Before you begin

  • Verify that at least one static interface configuration or the management IP address is part of the local published network you want to use for the site-to-site VPN tunnel.
  • Go to NETWORK > Routing and verify that the VPN routes for the remote published networks will not break your existing routing configuration. 

Step 1. Configure a site-to-site VPN tunnel

Configure a site-to-site VPN tunnel. At least one local published network must be directly attached to the firewall and configuration as a static network interface or as the management network.

For more information, see How to Configure a Site-to-Site VPN with IPsec or Example - Configuring a Site-to-Site IPsec VPN Tunnel.


Step 2. Change VPN settings to add VPN routes to main routing table

In expert mode, switch from the default source-based routing to adding the VPN routed to the main routing table.

Replacing VPN source-based routing without a proper migration plan may break your current setup and cause loss of connectivity. VPN routes are always added with the metric set to 10.

  1. Go to VPN > Settings.
  2. Append &expert=1 to the URL to switch to expert mode.
  3. In the VPN Routes section, set Add VPN Routes to Main Routing Table to Yes.
  4. Enter the VPN Interface IP address. The IP address must meet the following criteria:
    • The IP address must be in one of the site-to-site VPN local published networks.
    • The IP address must be assigned to a static network interface as a primary or secondary IP address, or the management or secondary IP address in the management network.
  5. Click Save.

Go to NETWORK > Routing and verify that the VPN routes are now in the main routing table:


Step 3. Configure authentication server

Configure the external authentication server. Click Test Connection to verify that the firewall can connect to the remote authentication server through the site-to-site VPN.

For more information, see How to Configure an External Authentication Service

Last updated on